search

spacedeck / spacedeck-open

Spacedeck, a web based, real time, collaborative whiteboard application with rich media support
GNU Affero General Public License v3.0
1k stars 243 forks source link

Allow providing auth session token via HTTP header #238

Closed fnwbr closed 2 years ago

fnwbr commented 2 years ago

This allows sending the same session token, that is usually being provided via the sdsession cookie, via the X-Spacedeck-Auth HTTP header.

fnwbr commented 2 years ago

Correct me if I am wrong here, but we looked through the repository a little, and saw that the X-Spacedeck-Auth header is referenced in one or two places without being fully implemented.

The difference here would be: X-Spacedeck-Api-Token is an HTTP header that can be provided to provide an api_token (coming from the User model), while X-Spacedeck-Auth would be a session token, which has to be generated via a POST to the /sessions endpoint first. (kind of as outlined in https://github.com/spacedeck/spacedeck-open/issues/15#issuecomment-616187422 back then)